Fireblocks releases flagship survey The Financial Grid: Banking, Digital Assets, And The Infrastructure Decisions Defining 2026. Learn more.

Talk to sales

June 26, 2025

|
10 min. read

Unlocking Web3 for Businesses: Security, Compliance, and Custody

Talk to sales

Table of Contents

Why Businesses are Embracing Web3Navigating Web3 Challenges and UncertaintiesWallet and Custody TypesWeb3 Technology Requirements for Different Corporate StakeholdersStepping into the Future with Web3
You can download the PDF here

Why Businesses are Embracing Web3

Corporations and digital businesses are looking to the blockchain and Web3 spaces to enhance their customers’ experience with their brands. The benefits of blockchain are centered around decentralization and an ownership layer that provides individuals with more control over their data and assets. Unlike Web2, blockchain technology enables all activities in the Web3 space to be distributed and tamper-proof, delivering an immutable record of every transaction and elevating customer trust.

Since the rise of Web3, corporations have shown substantial interest for compelling reasons, including the ability to:

  • Create new revenue streams by reaching untapped demographics: Web3 resonates with people excited about its decentralization principles, and appeals to a generation that has embraced wallets and digital assets as part of their online interactions. This creates the opportunity for new or enhanced business models and revenue streams across untapped markets and new demographics.
  • Enhance loyalty and increase engagement: Unlike current web platforms, where user participation can feel transactional, Web3 offers systems like token-based rewards tailored to a user’s habits. Users often have a more vested interest in the brand’s products and services, fostering a deeper sense of community and brand loyalty.
  • Improve customer relationship management: The immutability of the blockchain ensures the integrity of your customers’ data. Businesses can streamline processes using smart contracts and also use the data to measure user interactions, which enables them to create new product or service offerings.

This report is for anyone interested in bringing a Web3 strategy to market. You’ll gain insights on real-world Web3 case studies and technology requirements. It features adoption challenges that businesses are likely to encounter, including reputational risks, regulatory and compliance considerations, wallet and custody explanations and use cases, and technology and expertise needed for your company to launch a successful Web3 offering.

Navigating Web3 Challenges and Uncertainties

Many corporate leaders approach Web3 with cautious optimism and view it as the inevitable next step in digital transformation and an opportunity to create new value streams. However, this optimism comes with a dose of caution, often centered around reputational risk, regulatory uncertainties, and security.

Reputational Risks

Reputational risks associated with Web3 substantially impact companies if they are unprepared for decentralized systems’ nuances or do not choose the right technology partner. Reputational concerns include:

  • Project failures
  • Data breaches
  • Security failures
  • Regulatory backlash
  • Environmental concerns
  • Poor governance

Plan and prepare to respond to reputational risk to avoid damage to the brand and prevent stakeholder mistrust. Partnering with the right technology companies that can help manage/mitigate such risks is critical to achieving your Web3 vision.

Regulatory and Compliance

Regulations vary widely across different regions and play an essential role in ensuring fairness, safety, and accountability across industries, aiming to protect businesses and the general public. The following information is an overview of the state of regulations related to digital assets in the United States.

Karate Combat: Full-contact Karate Sports League Establishes a Command Center for it’s Web3 Digital Operations

U.S. Securities and Exchange Commission

The U.S. Securities and Exchange Commission (SEC) enforces federal securities laws and regulates the securities industry and exchanges. The rapid evolution of cryptocurrencies and other digital assets like Ethereum (ETH), Bitcoin (BTH), and NFTs has presented unique challenges to the SEC’s traditional regulatory framework. The commission’s approach to classifying digital assets remains ambiguous. The SEC has attempted to advance regulations for years and gained significant momentum after the FTX fallout in November 2022. Here is the SEC Crypto Crackdown Timeline featured in the Forbes article, “How Does The SEC Regulate Crypto.” This lack of clarity is often problematic for businesses as they grapple with how to treat these assets on their balance sheet.

Regardless of region, here are some important regulatory and compliance questions to consider:

  • How is the cryptocurrency or tokens we’re considering classified in our region/ jurisdiction (e.g., as a security, non-fungible token (NFT), stablecoin, or utility token?)
  • Are we operating or transacting in multiple jurisdictions? If so, how does the regulatory environment differ across these regions?
  • How are cryptocurrency transactions treated for tax purposes in our jurisdiction?
  • What are the reporting requirements for crypto transactions?
  • What about anti-money laundering (AML) and Know Your Customer (KYC) obligations?
  • How do we ensure the security and protection of our digital assets?

U.S. Crypto Tax Reporting

The U.S. Internal Revenue Service (IRS) and the U.S. Treasury Department introduced a new rule that requires cryptocurrency brokers to complete a report related to users’ sales and exchanges of digital assets to the IRS. The law applies to centralized and decentralized digital asset trading platforms, crypto payment processors, and certain online wallets where users store digital assets. The rule would cover cryptocurrencies like BTC, ETH, and NFTs. A new tax reporting form called 1099DA is available to help crypto users determine if they owe taxes (Reuters.com).

Understanding regulatory, compliance, and tax obligations in your country and jurisdiction is critical to delivering a successful Web3 offering strategy. It is, therefore, crucial to develop strategic relationships with trusted Web3 or crypto technology providers with knowledge, knowhow, and a track record for adhering to regulatory requirements.

Wallet Technology and Security

Blockchain technology was not conceptualized with corporate enterprises as the primary users. Once data is committed to the blockchain, it cannot be altered. While this provides trust and transparency, it also means fraudulent transactions are permanently recorded and cannot be reversed. This state of permanence is why hackers constantly look for ways to exploit weaknesses and vulnerabilities at every opportunity.

As enterprises cannot easily and simply adopt Web3, they must build or integrate tools that enable wallet security, policies, and procedures tailored to transact and interact on the blockchain to derive value. Security isn’t just a requirement for Web3; it’s foundational. Wallet technology and security are the cornerstones to safeguarding wallet transactions on the blockchain. Corporations must consider secure wallet technology and infrastructure in anticipation of potential threats.

Web3 also brings a new set of governance and policy challenges. Traditional governance structures and policies that corporations have relied upon may need to be revised to accommodate the nuances and complexities of managing digital assets. Corporations must create policies or adapt their existing systems to ensure they comply with the ever-evolving regulatory landscape and are protected against internal threats.

Flipkart: eCommerce Company Advances Rewards Program with Web3 Technology

Wallet and Custody Types

Custody relates to how digital assets are held and managed. Each wallet type and wallet provider has different characteristics. Below is a glossary of the key players in wallet security.

Terminology: Parties in the Web3 Wallet Ecosystem

Custody technology service providers refer to companies that provide a technology solution for the creation, administration, and security of digital asset wallets. Fireblocks is an example of a custody technology service provider.

Business refers to the contracting party of either a custody technology service provider or a subcustodian. Businesses use wallet providers for multiple use cases, ranging from the administration of their assets (treasury management) to the “white labeling” of wallet solutions in services offered to their end-users. End-user refers to the customer(s) of the business.

End-users may have a contractual relationship with the business but rarely have a direct commercial relationship with the wallet service provider.

From the lens of the Web3 company, businesses often choose between noncustodial and direct custody models. The following explains the main types of wallet custody models and the roles of different parties involved.

Web3 Custody Type

Non-custodial wallets: A business onboards a custody technology service provider to design security features, enable blockchain interaction, and offer ongoing support. The end users have full control over their digital wallets and private keys and are responsible for safeguarding their assets. Losing access to a non-custodial wallet often means the assets are irretrievable.

Direct custody (self custody): A business onboards a custody technology service provider to design security features and offer support. The business is in sole possession of end-users’ private keys, controls the wallet(s), and initiates all transactions for the end-users.

Both wallet custody types offer unique advantages depending on the objectives and requirements of a company. Here is a comparison chart between the two types of wallets and a breakdown of private key management, security, recovery options, user experience, accessibility, and regulatory compliance.

Wallet Comparison Chart: Non-custodial and Direct Custody
NON-CUSTODIAL WALLETSDIRECT CUSTODY
Private Key ManagementUsers have full control and access to their private keys; no third party can move their assets.Private keys are controlled and managed by the service provider, which secures and stores them on behalf of the user.
SecuritySecurity is primarily the user’s responsibility, as private keys are in their full control.The service provider is responsible for the security of wallets and transactions with a centralized infrastructure
Recovery OptionsThere is often no service provider to assist with recovery.Often managed through customer support or automated processes set by the service provider.
User ExperienceA greater learning curve for beginners.It’s more user-friendly for beginners.
User ExperienceLess scrutiny, oversight, and reporting.Subject to different regulations depending on jurisdiction; KYC and AML compliance.

To apply the technicalities of wallets to real-world scenarios, the following use cases have been summarized to illustrate why non-custodial and self-custody wallets are the preferred methods to support Web3 initiatives, and how different companies are utilizing both types of wallets according to their business needs.

Read how Kriptomat uses Web3 wallets directly in their application to scale the support of millions of gamers

Web3 Technology Requirements for Different Corporate Stakeholders

Businesses looking to venture into Web3 usually involve various key stakeholders, including executive leadership, IT and the development team, finance, legal, and marketing, during the vetting and due diligence process. Here is an overview of common stakeholders and what they perceive to be important.

Corporate-grade Key Management and Wallet Security

IT and development teams will require a solution that leverages multi-party computation (MPC) security and allows you to create and manage wallets with zero counterparty risk. They will expect the provider to offer different wallet options, including direct custody and non-custodial wallets. They will likely consider solutions that can eliminate a single point of private key compromise by combining MPC and secure hardware enclaves. Vendors with certifications such as CCSS Level III, SOC2 Type II, ISO 27001, ISO 27017, and ISO 27018 will be in better standing with the IT and development teams.

Governance and Policy Management

IT, development, operations, and finance teams will require a platform that allows them to customize policies to business processes with a dynamic policy engine. The groups must be able to configure user roles, transaction policies, and approval workflows for every wallet, user, and transaction type so that any transfer or operation will only be executed with the required approvals.

Secure Smart Contract Management and Tokenization

IT, development, legal, and compliance teams will need a solution that allows them to secure and control smart contracts from wallets. They will require the ability to set policies for interacting with whitelisted smart contracts to protect against malicious actors. The team will also need to configure policies for NFT and token operations – from user permissions to admin approvals. Automation capabilities to mint and transfer NFTs and utility tokens at scale are important to this group.

Flexible and Scalable

All departments need a future-proof custody and wallet provider to scale with the business as your Web3 initiative evolves and grows. To ensure success, the provider should be able to handle large-scale complex projects and support proofs-of-concept projects that can be easily implemented in a production environment without the need to re-architect.

Stepping into the Future with Web3

For businesses ready to take the next step, working with the right technology providers with deep-rooted knowledge, hands-on experience, and proven technology is imperative. The path to Web3 necessitates effective solutions for your needs today but is flexible to scale as your business evolves.

You can download the PDF here

About us

Fireblocks is the world’s most trusted digital asset infrastructure company, empowering organizations of all sizes to build, manage and grow their business on the blockchain. With the industry’s most scalable and secure platform, we streamline stablecoin payments, settlement, custody, tokenization, and trading operations enabling – everything from institutional finance to consumer-facing digital experiences across the largest ecosystem of banks, payment providers, stablecoin issuers, exchanges and custodians. Thousands of organizations – including Worldpay, BNY, Galaxy, and Revolut – trust Fireblocks to secure more than $10 trillion in digital asset transactions across 120+ blockchains. Learn more at fireblocks.com.

Related Reports

More Reports

Blog
Company News & Updates

“Hacking for good” with Fireblocks @ Permissionless II

Blog
Company News & Updates, Expert Commentary, Research & Security

“The New Frontier of Crypto Security” Report: Navigating the Latest Threats With Best-in-Class Security 

Best PracticeSecurity
Blog
Industry Insights, Knowledge Base

[Guide] How to Run a Fully Remote Operations Team with Fireblocks

Best PracticeTreasury Management